1*1c60b9acSAndroid Build Coastguard Worker# lws minimal example for JWS 2*1c60b9acSAndroid Build Coastguard Worker 3*1c60b9acSAndroid Build Coastguard WorkerDemonstrates how to sign and verify using compact JWS and JWK, providing a 4*1c60b9acSAndroid Build Coastguard Workercommandline tool for signing and verifying stdin. 5*1c60b9acSAndroid Build Coastguard Worker 6*1c60b9acSAndroid Build Coastguard Worker## build 7*1c60b9acSAndroid Build Coastguard Worker 8*1c60b9acSAndroid Build Coastguard Worker``` 9*1c60b9acSAndroid Build Coastguard Worker $ cmake . && make 10*1c60b9acSAndroid Build Coastguard Worker``` 11*1c60b9acSAndroid Build Coastguard Worker 12*1c60b9acSAndroid Build Coastguard Worker## usage 13*1c60b9acSAndroid Build Coastguard Worker 14*1c60b9acSAndroid Build Coastguard WorkerStdin is either the plaintext (if signing) or compact JWS (if verifying). 15*1c60b9acSAndroid Build Coastguard Worker 16*1c60b9acSAndroid Build Coastguard WorkerStdout is either the JWE (if encrypting) or plaintext (if decrypting). 17*1c60b9acSAndroid Build Coastguard Worker 18*1c60b9acSAndroid Build Coastguard WorkerYou must pass a private or public key JWK file in the -k option if encrypting, 19*1c60b9acSAndroid Build Coastguard Workerand must pass a private key JWK file in the -k option if decrypting. To be 20*1c60b9acSAndroid Build Coastguard Workerclear, for asymmetric keys the public part of the key is required to encrypt, 21*1c60b9acSAndroid Build Coastguard Workerand the private part required to decrypt. 22*1c60b9acSAndroid Build Coastguard Worker 23*1c60b9acSAndroid Build Coastguard WorkerFor convenience, a pair of public and private keys are provided, 24*1c60b9acSAndroid Build Coastguard Worker`key-rsa-4096.private` and `key-rsa-4096.pub`, these were produced with just 25*1c60b9acSAndroid Build Coastguard Worker 26*1c60b9acSAndroid Build Coastguard Worker``` 27*1c60b9acSAndroid Build Coastguard Worker $ lws-crypto-jwk -t RSA -b 4096 --public key-rsa-4096.pub >key-rsa-4096.private 28*1c60b9acSAndroid Build Coastguard Worker``` 29*1c60b9acSAndroid Build Coastguard Worker 30*1c60b9acSAndroid Build Coastguard WorkerSimilar keys for EC modes may be produced with 31*1c60b9acSAndroid Build Coastguard Worker 32*1c60b9acSAndroid Build Coastguard Worker``` 33*1c60b9acSAndroid Build Coastguard Worker $ lws-crypto-jwk -t EC -v P-256 --public key-ecdh-p-256.pub >key-ecdh-p-256.private 34*1c60b9acSAndroid Build Coastguard Worker``` 35*1c60b9acSAndroid Build Coastguard Worker 36*1c60b9acSAndroid Build Coastguard WorkerJWSs produced with openssl and mbedtls backends are completely interchangeable. 37*1c60b9acSAndroid Build Coastguard Worker 38*1c60b9acSAndroid Build Coastguard WorkerCommandline option|Meaning 39*1c60b9acSAndroid Build Coastguard Worker---|--- 40*1c60b9acSAndroid Build Coastguard Worker-d <loglevel>|Debug verbosity in decimal, eg, -d15 41*1c60b9acSAndroid Build Coastguard Worker-s "<signature alg>"|Sign (default is verify), eg, -e "ES256". For verify, the cipher information comes from the input JWS. 42*1c60b9acSAndroid Build Coastguard Worker-k <jwk file>|JWK file to sign or verify with... sign requires the key has its private part 43*1c60b9acSAndroid Build Coastguard Worker-c|Format the JWE as a linebroken C string 44*1c60b9acSAndroid Build Coastguard Worker-f|Output flattened representation (instead of compact by default) 45*1c60b9acSAndroid Build Coastguard Worker 46*1c60b9acSAndroid Build Coastguard Worker``` 47*1c60b9acSAndroid Build Coastguard Worker $ echo -n "plaintext0123456" | ./lws-crypto-jws -s "ES256" -k ec-p256.private 48*1c60b9acSAndroid Build Coastguard Worker[2018/12/19 16:20:25:6519] USER: LWS JWE example tool 49*1c60b9acSAndroid Build Coastguard Worker[2018/12/19 16:20:25:6749] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off 50*1c60b9acSAndroid Build Coastguard WorkereyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.ivFr7qzx-pQ4V_edbjpdvR9OwWL9KmojPE2rXQM52oLtW0BtnxZu2_ezqhsAelyIcaworgfobs3u4bslXHMFbeJJjPb5xD0fBDe64OYXZH1NpUGTMJh9Ka4CrJ2B3xhxe7EByGAuGqmluqE0Yezj7rhSw7vlr5JAwuOJ8FaGa8aZ8ldki5G5h_S2Furlbjdcw3Rrxk7mCoMHcLoqzfZtggMPwGAMFogCqcwUo7oSLbBeGaa6hpMbfSysugseWdr8TzObQKPM52k6iVAlGwRaOg_qdLMgZiYRhHA6nFKTQd7XBbNY6qAS8sPuj7Zz344tF3RSfJ0zX_telG71sOtVv5fMpeDU-eCdpOWlCBfu6J6FQfAFu6SJryM4ajGOif09CwFI5qUQ33SOfQfS_M3nqSyd6Vu5M4lsDrb5wK7_XX5gqUwvI9wicf_8WWR-CQomRF-JvEASnA2SIf8QqYfa8R2rP9q6Md4vwO4EZrtxIsMDPsH-4ZEFu7vDjyy09QfIWWsnEb8-UgpVXensgt2m_2bZ76r1VB8-0nZLMwMyEhaH2wra9vX2FWao5UkmNJ7ht300f4_V6QzMFoePpwCvsufWBW6jcQLB-frCWe6uitWaZHEB4LxmNPKzQSz4QwwTKhpF1jNn8Xh1-w1m-2h0gj-oe-S8QBwPveqhPI1p2fI.snuhUTXHNu5mJ6dEPQqg6g.yl36qC4o0GE4nrquQ2YyCg.Vf0MoT7_kUrZdCNWXhq1DQ 51*1c60b9acSAndroid Build Coastguard Worker``` 52*1c60b9acSAndroid Build Coastguard Worker 53*1c60b9acSAndroid Build Coastguard WorkerNotice the logging is on stderr, and the output alone on stdout. 54*1c60b9acSAndroid Build Coastguard Worker 55*1c60b9acSAndroid Build Coastguard WorkerWhen signing, the compact representation of the JWS is output on stdout. 56*1c60b9acSAndroid Build Coastguard Worker 57*1c60b9acSAndroid Build Coastguard WorkerWhen verifying, if the signature is valid the plaintext is output on stdout 58*1c60b9acSAndroid Build Coastguard Workerand the tool exits with a 0 exit code. Otherwise nothing is output on stdout 59*1c60b9acSAndroid Build Coastguard Workerand it exits with a nonzero exit code. 60*1c60b9acSAndroid Build Coastguard Worker 61